DataPower


what are ciphers DP presents for connection when SSL Proxy profile with Default cipher text is used?

  • 1.  what are ciphers DP presents for connection when SSL Proxy profile with Default cipher text is used?

    Posted Fri July 31, 2020 09:00 AM

    Hi Team,

    In SSL Proxy profiles, we specify the cipher text as 'HIGH:MEDIUM:!aNULL:!eNULL:!RC4::!DH:!kEDH ', which is not a cipher but indicates the strength of ciphers. Can we know which ciphers are really presented by the ESB for a connection?



    #DataPower
    #Support
    #SupportMigration


  • 2.  RE: what are ciphers DP presents for connection when SSL Proxy profile with Default cipher text is used?

    Posted Fri July 31, 2020 01:07 PM

    SSL Proxy Profiles have been deprecated for several years, meaning they still work but lack current features (e.g. elliptic curve ciphers etc.).

    So the recommendation is to move to SSL Server Profile / SSL Client Profile instead, which, among other things, allow you to explicitly select which ciphers to offer.

    Besides ciphers, I think the enabled protocols also impact the list (SSLv3/TLSv1.0/TLSv1.1/TLSv1.2).

    You can always review a TLS handshake in a packet capture for details, or test against a DP service whose FSH is configured with your (Reverse) SSL Proxy Profile definition and then use "nmap --script ssl-enum-ciphers -p <port> <IP/FQDN>".



    #DataPower
    #Support
    #SupportMigration


  • 3.  RE: what are ciphers DP presents for connection when SSL Proxy profile with Default cipher text is used?

    Posted Sun August 02, 2020 08:33 PM

    Thanks for the response. But I need to know how DP behaves with the deprecated SSL proxy feature, where ciphers are specified in a text box with the value I have given. When we are negotiating a connection to any server, we must be presenting a list of ciphers. I need to know that.



    #DataPower
    #Support
    #SupportMigration